[CODE] 2008-11-17,22:05:57 System Repair Engineer 2.7.0.1210 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 3, v.3300 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描计划任务 API HOOK 隐藏进程启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Google Inc] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [TOSHIBA] <"C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang CN> [TOSHIBA Inc.] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [TOSHIBA Corporation] <"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Information Technology Corporation Limited] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] [InstallShield Software Corporation] [(Verified)Microsoft Corporation] <"C:\Program Files\GridService\peer.exe" -n Grid> [FS2YOU] [TOSHIBA Corporation] <"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [] [Stylize] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Corporation Limited] <{202AEF39-2BFA-4A5F-B526-390FDE0BC675}> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] <%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.exe] [(Verified)Microsoft Windows Component Publisher] [HKEY_CURRENT_USER\Control Panel\Desktop] [(Verified)Microsoft Windows Component Publisher] ================================== 启动文件夹 [QQ游戏启动加速程序] C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]> [Stardock ObjectDock] F:\小软件\绿化\OBJECT~1\OBJECT~1.EXE [Stardock]> ================================== 服务 [Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"> [ConfigFree Service / CFSvcs][Running/Auto Start] [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"> [Rising Proxy Service / RfwProxySrv][Running/Auto Start] [Rising Personal Firewall Service / RfwService][Running/Auto Start] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [ServiceLayer / ServiceLayer][Stopped/Manual Start] <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"> [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start] ================================== 驱动程序 [Access 32bits INT15 routine / BoiHwsetup][Running/Manual Start] [usb Card Device / ft2kEnum][Running/Manual Start] [USB Chip Holder Service / GDBaseSmc][Running/Manual Start] [Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start] [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys> [HSFHWAZL / HSFHWAZL][Running/Manual Start] [HSF_DPV / HSF_DPV][Running/Manual Start] [ialm / ialm][Running/Manual Start] [mdmxsdk / mdmxsdk][Running/Auto Start] [TOSHIBA Network Device Usermode I/O Protocol / Netdevio][Running/Auto Start] [Nokia USB Phone Parent / nmwcd][Stopped/Manual Start] [Nokia USB Generic / nmwcdc][Stopped/Manual Start] [Nokia USB Port / nmwcdcj][Stopped/Manual Start] [Nokia USB Modem / nmwcdcm][Stopped/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Quanta HotKey Keyboard Filter Driver / qkbfiltr][Running/Manual Start] [Quanta HotKey Mouse Filter Driver / qmofiltr][Running/Manual Start] [SmartCard Reader Device / Reader_Device][Running/Manual Start] [Rising Rfwbase Driver / RfwBase][Running/Auto Start] [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start] [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [Synaptics TouchPad Driver / SynTP][Running/Manual Start] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Conexant Setup API / UIUSys][Stopped/Manual Start] [Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start] [winachsf / winachsf][Running/Manual Start] [WinDriver6 / WinDriver6][Running/Manual Start] [AVG Anti-Spyware Clean Driver / AvgAsCln][Stopped/System Start] [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start] <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys> ================================== 浏览器加载项 [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A> [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [NowStarter Control] {072039AB-2117-4ED5-A85F-9B9EB903E021} [InfosecCertInstall Class] {0EB487C8-E9AC-43A6-8C4C-083999B0622F} [GDGetTokenInfo Class] {3AA9CF07-DF20-48FF-98BE-DED276E40146} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [CCTVUpdateInstall] {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} [AxUSBKey Class] {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} [] {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, > [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [] {116BA71C-8187-4F15-9A1F-C9D6289155D1} <, > [] {202AEF39-2BFA-4A5F-B526-390FDE0BC675} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [] {2974c985-8151-4de5-b23c-b875f0a8522f} <, > [Zyzzyva] {30FA9641-9CFE-4D71-A3AA-DF8B6FA02FCC} <, > [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, > [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} [] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <, > [] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <, > [] {889D2FEB-5411-4565-8998-1DD2C5261283} <, > [] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, > [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {E2E2DD38-D088-4134-82B7-F2BA38496583} <, > [] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, > [] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, > [] {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, > [] {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <, > [查看当前站点排名] [????????????] <, > [????????????????????] <, > ================================== 正在运行的进程 [PID: 684 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [PID: 748 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 772 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2034)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [PID: 816 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 828 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2034)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 972 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1040 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1144 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.33] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1172 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1208 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1344 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1444 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1512 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.80] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.5] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.36] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.9] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.14] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.39] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.3] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 98] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [PID: 1524 / SYSTEM][C:\Program Files\Rising\Rfw\rfwsrv.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.77] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [C:\Program Files\Rising\Rfw\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.16] [C:\Program Files\Rising\Rfw\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.50] [C:\Program Files\Rising\Rfw\ijt_ctrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.0] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Rising\Rfw\unvdet.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.8] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6] [PID: 1556 / SYSTEM][C:\Program Files\Rising\Rfw\rfwProxy.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.37] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [C:\Program Files\Rising\Rfw\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Rising\Rfw\MonMid.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 392 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 468 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-0707)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0] [PID: 564 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2034)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1240 / SYSTEM][C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe] [TOSHIBA CORPORATION, 6, 0, 0, 1] [C:\Program Files\TOSHIBA\ConfigFree\NDSAPI.dll] [TOSHIBA CORPORATION, 6, 0, 0, 9] [C:\Program Files\TOSHIBA\ConfigFree\IpAdrSet.dll] [TOSHIBA CORPORATION, 6, 0, 0, 3] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1628 / Wumi][C:\WINDOWS\Explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.3300 (xpsp.080125-2028)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4436] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4436] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4436] [C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4436] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4436] [C:\WINDOWS\ContextBG.dll] [Grigri, 1, 0, 0, 1] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [C:\WINDOWS\system32\TPwrCfg.DLL] [TOSHIBA Corporation, 1, 0, 8, 0] [C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 4, 0] [C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 3, 0] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.3300 (xpsp.080125-2028)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\dfshim.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\NamiRobot\Data\NamipanExt1.dll] [N/A, ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\PROGRA~1\Wopti\WOPTIE~1.DLL] [共软网络, 1.0.8.103] [C:\Program Files\IBM RecordNow!\shlext.dll] [, 7.0.0.0] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [PID: 176 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 512 / Wumi][C:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.1.70] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [PID: 1600 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-0707)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 2464 / Wumi][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.2.13.2 02Mar06] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.13.2 02Mar06] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.2.13.2 02Mar06] [PID: 2508 / Wumi][C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] [TOSHIBA, 1, 2, 10, 0] [C:\Program Files\TOSHIBA\Touch and Launch\PadHook.dll] [ , 1, 2, 2, 0] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.13.2 02Mar06] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [PID: 2544 / Wumi][C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe] [TOSHIBA Inc., 1, 8, 4, 2] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\QManager.dll] [Quanta Computer Inc., 3, 0, 5, 1] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\IGFXEXPS.DLL] [Intel Corporation, 3.0.0.4436] [PID: 2552 / Wumi][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4436] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4436] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4436] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4436] [PID: 2560 / Wumi][C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] [TOSHIBA Corporation, 2, 0, 0, 23] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2580 / Wumi][C:\Program Files\Synaptics\SynTP\Toshiba.exe] [Synaptics, Inc., 8.2.13.2 02Mar06] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.2.13.2 02Mar06] [C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.13.2 02Mar06] [PID: 2608 / Wumi][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [PID: 2632 / Wumi][C:\WINDOWS\system32\igfxsrvc.exe] [Intel Corporation, 3.0.0.4436] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4436] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4436] [PID: 2716 / Wumi][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.01.27] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [PID: 2788 / Wumi][C:\Program Files\GridService\peer.exe] [FS2YOU, 2, 1, 10, 8242] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [PID: 2880 / Wumi][C:\WINDOWS\system32\TPSMain.exe] [TOSHIBA Corporation, 1, 0, 15, 0] [C:\WINDOWS\system32\TPSMainCtl.dll] [TOSHIBA Corporation, 1, 0, 4, 0] [C:\WINDOWS\system32\CpuPerf.dll] [TOSHIBA Corporation, 1, 0, 1, 0] [C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 3, 0] [C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 4, 0] [C:\WINDOWS\system32\TPeculiarity.dll] [, 1, 0, 0, 5] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [PID: 2952 / Wumi][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] [Google Inc., 1, 2, 1128, 5462] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll] [Google Inc., 1, 2, 1128, 5462] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll] [Google Inc., 1, 2, 1128, 5462] [PID: 3056 / Wumi][C:\WINDOWS\system32\CTFMON.EXE] [(Verified) Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [PID: 3248 / Wumi][F:\小软件\绿化\ObjectDock\ObjectDock.exe] [Stardock, v1.90.535u] [F:\小软件\绿化\ObjectDock\CrashRpt.dll] [, 3.0.2.2] [F:\小软件\绿化\ObjectDock\dbghelp.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [F:\小软件\绿化\ObjectDock\zlib.dll] [, 1.1.3] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\Program Files\Common Files\Stardock\ODImg.dll] [N/A, ] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [F:\小软件\绿化\ObjectDock\Docklets\StackDocklet\StackDocklet.dll] [Matías Moreno, 1.0.0.39] [PID: 3308 / Wumi][C:\WINDOWS\system32\igfxext.exe] [Intel Corporation, 3.0.0.4436] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4436] [C:\WINDOWS\system32\IGFXEXPS.DLL] [Intel Corporation, 3.0.0.4436] [PID: 3568 / Wumi][C:\WINDOWS\system32\TPSBattM.exe] [TOSHIBA Corporation, 1, 0, 2, 0] [C:\WINDOWS\system32\TPwrCfg.DLL] [TOSHIBA Corporation, 1, 0, 8, 0] [C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 4, 0] [C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 3, 0] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [PID: 2652 / Wumi][C:\Program Files\GridService\peeradapter.exe] [FS2YOU, 2, 1, 10, 8242] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [PID: 3160 / Wumi][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0] [C:\Program Files\SogouInput\3.6.0.1653\ZipLib.dll] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [PID: 1480 / Wumi][C:\Program Files\RaySource\RaySource.exe] [, 2, 1, 10, 8242] [C:\Program Files\RaySource\RoxBaseClass.dll] [N/A, ] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\Program Files\RaySource\RoxFileDownloadPlugin.dll] [N/A, ] [C:\Program Files\RaySource\RoxFileHistoryPlugin.dll] [N/A, ] [C:\Program Files\RaySource\RoxFileUploadPlugin.dll] [N/A, ] [C:\Program Files\RaySource\fs2you.dll] [TODO: , 1.0.0.1] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [PID: 3840 / Wumi][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [PID: 2428 / Wumi][C:\DOCUME~1\Wumi\LOCALS~1\Temp\Rar$EX00.610\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210] [PID: 3944 / Wumi][C:\DOCUME~1\Wumi\LOCALS~1\Temp\Rar$EX00.610\SRE9869f25d.EXE] [Smallfrogs Studio, 2.7.0.1210] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\DOCUME~1\Wumi\LOCALS~1\Temp\Rar$EX00.610\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [PID: 408 / Wumi][C:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 6, 3, 80] [C:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [F:\小软件\绿化\ObjectDock\DockShellHook.dll] [N/A, ] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ------fs2you patch by vadera@pdahd.cn------ 59.63.157.25 www.fs2you.com 222.169.230.101 dyn.www.fs2you.com 59.32.232.195 file1.fs2you.com 222.169.230.98 file2.fs2you.com 221.204.246.79 file3.fs2you.com 61.150.85.80 file4.fs2you.com 60.2.139.27 file5.fs2you.com 61.184.189.10 file6.fs2you.com 61.174.62.132 file7.fs2you.com 58.211.75.49 file8.fs2you.com 61.134.84.238 file9.fs2you.com 61.156.40.181 file10.fs2you.com 218.75.151.4 file11.fs2you.com 58.211.75.31 file12.fs2you.com 124.94.101.133 file13.fs2you.com 221.204.246.115 file14.fs2you.com 218.75.151.10 file15.fs2you.com 58.218.209.126 file16.fs2you.com 61.157.152.173 file17.fs2you.com 125.46.41.27 file18.fs2you.com 125.91.11.223 file19.fs2you.com 59.53.48.134 file20.fs2you.com 59.53.48.136 file21.fs2you.com 59.53.48.144 file22.fs2you.com 61.139.106.204 file23.fs2you.com 59.53.48.172 file24.fs2you.com 124.94.101.146 file25.fs2you.com 61.166.111.227 file26.fs2you.com ------fs2you patch end------ ------fs2you patch by vadera@pdahd.cn------ 59.63.157.25 www.fs2you.com 222.169.230.101 dyn.www.fs2you.com 59.32.232.195 file1.fs2you.com 222.169.230.98 file2.fs2you.com 221.204.246.79 file3.fs2you.com 61.150.85.80 file4.fs2you.com 60.2.139.27 file5.fs2you.com 61.184.189.10 file6.fs2you.com 61.174.62.132 file7.fs2you.com 58.211.75.49 file8.fs2you.com 61.134.84.238 file9.fs2you.com 61.156.40.181 file10.fs2you.com 218.75.151.4 file11.fs2you.com 58.211.75.31 file12.fs2you.com 124.94.101.133 file13.fs2you.com 221.204.246.115 file14.fs2you.com 218.75.151.10 file15.fs2you.com 58.218.209.126 file16.fs2you.com 61.157.152.173 file17.fs2you.com 125.46.41.27 file18.fs2you.com 125.91.11.223 file19.fs2you.com 59.53.48.134 file20.fs2you.com 59.53.48.136 file21.fs2you.com 59.53.48.144 file22.fs2you.com 61.139.106.204 file23.fs2you.com 59.53.48.172 file24.fs2you.com 124.94.101.146 file25.fs2you.com 61.166.111.227 file26.fs2you.com ------fs2you patch end------ ================================== 进程特权扫描特殊特权被允许： SeDebugPrivilege [PID = 2508, C:\PROGRAM FILES\TOSHIBA\TOUCH AND LAUNCH\PADEXE.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2508, C:\PROGRAM FILES\TOSHIBA\TOUCH AND LAUNCH\PADEXE.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2544, C:\PROGRAM FILES\TOSHIBA\WINDOWS UTILITIES\HOTKEY.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2544, C:\PROGRAM FILES\TOSHIBA\WINDOWS UTILITIES\HOTKEY.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2560, C:\PROGRAM FILES\TOSHIBA\TOSHIBA ZOOMING UTILITY\SMOOTHVIEW.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2560, C:\PROGRAM FILES\TOSHIBA\TOSHIBA ZOOMING UTILITY\SMOOTHVIEW.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2788, C:\PROGRAM FILES\GRIDSERVICE\PEER.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2788, C:\PROGRAM FILES\GRIDSERVICE\PEER.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2880, C:\WINDOWS\SYSTEM32\TPSMAIN.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2880, C:\WINDOWS\SYSTEM32\TPSMAIN.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 3248, F:\小软件\绿化\OBJECTDOCK\OBJECTDOCK.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 3248, F:\小软件\绿化\OBJECTDOCK\OBJECTDOCK.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 3568, C:\WINDOWS\SYSTEM32\TPSBATTM.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 3568, C:\WINDOWS\SYSTEM32\TPSBATTM.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2652, C:\PROGRAM FILES\GRIDSERVICE\PEERADAPTER.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2652, C:\PROGRAM FILES\GRIDSERVICE\PEERADAPTER.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 1480, C:\PROGRAM FILES\RAYSOURCE\RAYSOURCE.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1480, C:\PROGRAM FILES\RAYSOURCE\RAYSOURCE.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 3840, C:\PROGRAM FILES\WINRAR\WINRAR.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 3840, C:\PROGRAM FILES\WINRAR\WINRAR.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2428, C:\DOCUME~1\WUMI\LOCALS~1\TEMP\RAR$EX00.610\SRENGLDR.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2428, C:\DOCUME~1\WUMI\LOCALS~1\TEMP\RAR$EX00.610\SRENGLDR.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 408, C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 408, C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE] ================================== 计划任务 [已启用] SogouImeMgr.job C:\PROGRA~1\SOGOUI~1\360~1.165\PinyinRepair.exe ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]